Exploração pública

Catálogo de exploits

Todo exploit público que catalogamos, num índice só. Busque por CVE, nome do exploit ou tecnologia — e veja, ao lado, o que a falha realmente vale: severidade, probabilidade de exploração e se já está sob ataque.

71.163exploits catalogados
31.687CVEs com exploração pública
0testados em laboratório
22.469 exploits
Exploit-DB
WordPress Plugin ARforms 3.7.1 - Arbitrary File Deletion
CVE-2019-1690230 set 2019
In the ARforms plugin 3.7.1 for WordPress, arf_delete_file in arformcontroller.php allows unauthenticated deletion of an
23RISCO
abrir
Exploit-DB
Microsoft SharePoint 2013 SP1 - 'DestinationFolder' Persistant Cross-Site Scripting
CVE-2019-126225 set 2019
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a speciall
23RISCO
abrir
Exploit-DB
NPMJS gitlabhook 0.0.17 - 'repository' Remote Command Execution
CVE-2019-548525 set 2019
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be inje
35RISCO
abrir
Exploit-DB
ABRT - sosreport Privilege Escalation (Metasploit)
CVE-2015-528725 set 2019
The abrt-hook-ccpp help program in Automatic Bug Reporting Tool (ABRT) before 2.7.1 allows local users with certain perm
38RISCO
abrir
Exploit-DB
iMessage - Decoding NSSharedKeyDictionary Can Read Object Out of Bounds
CVE-2019-864124 set 2019
An out-of-bounds read was addressed with improved input validation.
28RISCO
abrir
Exploit-DB
Pfsense 2.3.4 / 2.4.4-p3 - Remote Code Injection
CVE-2019-1670124 set 2019
pfSense through 2.3.4 through 2.4.4-p3 allows Remote Code Injection via a methodCall XML document with a pfsense.exec_ph
28RISCO
abrir
Exploit-DB
Microsoft Windows - BlueKeep RDP Remote Windows Kernel Use After Free (Metasploit)
CVE-2019-0708CRITICALsob ataqueransomware24 set 2019
A remote code execution vulnerability exists in Remote Desktop Services formerly known as Terminal Services when an unau
100RISCO
abrir
Exploit-DB
iOS < 12.4.1 - 'Jailbreak' Local Privilege Escalation
CVE-2019-8605HIGHsob ataque23 set 2019
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.1
76RISCO
abrir
Exploit-DB
vBulletin 5.0 < 5.5.4 - 'widget_php ' Unauthenticated Remote Code Execution
CVE-2019-16759CRITICALsob ataque23 set 2019
vBulletin 5.x through 5.5.4 allows remote command execution via the widgetConfig[code] parameter in an ajax/render/widge
100RISCO
abrir
Exploit-DB
Gila CMS < 1.11.1 - Local File Inclusion
CVE-2019-1667923 set 2019
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
23RISCO
abrir
Exploit-DB
HPE Intelligent Management Center < 7.3 E0506P09 - Information Disclosure
CVE-2019-539223 set 2019
A disclosure of information vulnerability was identified in HPE Intelligent Management Center (IMC) PLAT earlier than ve
23RISCO
abrir
Exploit-DB
LayerBB < 1.1.4 - Cross-Site Request Forgery
CVE-2019-1653120 set 2019
LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.
23RISCO
abrir
Exploit-DB
Western Digital My Book World II NAS 1.02.12 - Authentication Bypass / Command Execution
CVE-2019-1639919 set 2019
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to acce
23RISCO
abrir
Exploit-DB
Counter-Strike Global Offensive 1.37.1.1 - 'vphysics.dll' Denial of Service (PoC)
CVE-2019-1594318 set 2019
vphysics.dll in Counter-Strike: Global Offensive before 1.37.1.1 allows remote attackers to achieve code execution or de
23RISCO
abrir
Exploit-DB
Symantec Advanced Secure Gateway (ASG) / ProxySG - Unrestricted File Upload
CVE-2016-1025816 set 2019
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A
23RISCO
abrir
Exploit-DB
AppXSvc - Privilege Escalation
CVE-2019-1253HIGHsob ataqueransomware16 set 2019
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.To e
76RISCO
abrir
Exploit-DB
Notepad++ < 7.7 (x64) - Denial of Service
CVE-2019-1629416 set 2019
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode ch
23RISCO
abrir
Exploit-DB
Dolibarr ERP-CRM 10.0.1 - 'User-Agent' Cross-Site Scripting
CVE-2019-1619713 set 2019
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document
23RISCO
abrir
Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
CVE-2019-1617213 set 2019
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, Su
23RISCO
abrir
Exploit-DB
LimeSurvey 3.17.13 - Cross-Site Scripting
CVE-2019-1617313 set 2019
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example,
23RISCO
abrir
Exploit-DB
Microsoft DirectWrite - Out-of-Bounds Read in sfac_GetSbitBitmap While Processing TTF Fonts
CVE-2019-124412 set 2019
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISCO
abrir
Exploit-DB
Microsoft DirectWrite - Invalid Read in SplicePixel While Processing OTF Fonts
CVE-2019-124512 set 2019
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'Di
28RISCO
abrir
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting
CVE-2019-1611710 set 2019
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISCO
abrir
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - Cross-Site Scripting (2)
CVE-2019-1611810 set 2019
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admi
23RISCO
abrir
Exploit-DB
LibreNMS - Collectd Command Injection (Metasploit)
CVE-2019-1066910 set 2019
An issue was discovered in LibreNMS through 1.47. There is a command injection vulnerability in html/includes/graphs/dev
60RISCO
abrir
Exploit-DB
October CMS - Upload Protection Bypass Code Execution (Metasploit)
CVE-2017-100011910 set 2019
October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise
50RISCO
abrir
Exploit-DB
WordPress Plugin Photo Gallery 1.5.34 - SQL Injection
CVE-2019-1611910 set 2019
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/control
28RISCO
abrir
Exploit-DB
Enigma NMS 65.0.0 - SQL Injection
CVE-2019-1606509 set 2019
A remote SQL injection web vulnerability was discovered in the Enigma NMS 65.0.0 and prior web application that allows a
23RISCO
abrir
Exploit-DB
Enigma NMS 65.0.0 - OS Command Injection
CVE-2019-1607209 set 2019
An OS command injection vulnerability in the discover_and_manage CGI script in NETSAS Enigma NMS 65.0.0 and prior allows
43RISCO
abrir
Exploit-DB
FusionPBX 4.4.8 - Remote Code Execution
CVE-2019-1502906 set 2019
FusionPBX 4.4.8 allows an attacker to execute arbitrary system commands by submitting a malicious command to the service
28RISCO
abrir
anteriorpágina 55 / 749próximo

Indexamos apenas o link público para a prova de conceito — nunca hospedamos nem redistribuímos código de exploração. Fontes: PoC-in-GitHub, Exploit-DB, Nuclei, Metasploit e VulnCheck XDB. A existência de PoC pública não significa que a falha seja explorável no seu ambiente.